<?php
/*
	services_captiveportal.php
	part of m0n0wall (http://m0n0.ch/wall)

	Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.
*/

##|+PRIV
##|*IDENT=page-services-captiveportal
##|*NAME=Services: Captive portal page
##|*DESCR=Allow access to the 'Services: Captive portal' page.
##|*MATCH=services_captiveportal.php*
##|-PRIV


$pgtitle = array("服务管理","认证门户");
require("guiconfig.inc");

if (!is_array($config['captiveportal'])) {
	$config['captiveportal'] = array();
	$config['captiveportal']['page'] = array();
	$config['captiveportal']['timeout'] = 60;
}

if ($_GET['act'] == "viewhtml") {
	echo gzinflate(base64_decode($config['captiveportal']['page']['htmltext']));
	exit;
} else if ($_GET['act'] == "viewerrhtml") {
	echo gzinflate(base64_decode($config['captiveportal']['page']['errtext']));
	exit;
}

$pconfig['cinterface'] = explode(',', $config['captiveportal']['interface']);
$pconfig['maxproc'] = $config['captiveportal']['maxproc'];
$pconfig['maxprocperip'] = $config['captiveportal']['maxprocperip'];
$pconfig['timeout'] = $config['captiveportal']['timeout'];
$pconfig['idletimeout'] = $config['captiveportal']['idletimeout'];
$pconfig['enable'] = isset($config['captiveportal']['enable']);
$pconfig['auth_method'] = $config['captiveportal']['auth_method'];
$pconfig['radacct_enable'] = isset($config['captiveportal']['radacct_enable']);
$pconfig['radmac_enable'] = isset($config['captiveportal']['radmac_enable']);
$pconfig['radmac_secret'] = $config['captiveportal']['radmac_secret'];
$pconfig['reauthenticate'] = isset($config['captiveportal']['reauthenticate']);
$pconfig['reauthenticateacct'] = $config['captiveportal']['reauthenticateacct'];
$pconfig['httpslogin_enable'] = isset($config['captiveportal']['httpslogin']);
$pconfig['httpsname'] = strtolower($config['captiveportal']['httpsname']);
$pconfig['cert'] = base64_decode($config['captiveportal']['certificate']);
$pconfig['key'] = base64_decode($config['captiveportal']['private-key']);
$pconfig['logoutwin_enable'] = isset($config['captiveportal']['logoutwin_enable']);
$pconfig['peruserbw'] = isset($config['captiveportal']['peruserbw']);
$pconfig['bwdefaultdn'] = $config['captiveportal']['bwdefaultdn'];
$pconfig['bwdefaultup'] = $config['captiveportal']['bwdefaultup'];
$pconfig['nomacfilter'] = isset($config['captiveportal']['nomacfilter']);
$pconfig['noconcurrentlogins'] = isset($config['captiveportal']['noconcurrentlogins']);
$pconfig['redirurl'] = $config['captiveportal']['redirurl'];
$pconfig['radiusip'] = $config['captiveportal']['radiusip'];
$pconfig['radiusip2'] = $config['captiveportal']['radiusip2'];
$pconfig['radiusport'] = $config['captiveportal']['radiusport'];
$pconfig['radiusport2'] = $config['captiveportal']['radiusport2'];
$pconfig['radiusacctport'] = $config['captiveportal']['radiusacctport'];
$pconfig['radiuskey'] = $config['captiveportal']['radiuskey'];
$pconfig['radiuskey2'] = $config['captiveportal']['radiuskey2'];
$pconfig['radiusvendor'] = $config['captiveportal']['radiusvendor'];

//$pconfig['radiussession_timeout'] = isset($config['captiveportal']['radiussession_timeout']);

if ($_POST) {

	unset($input_errors);
	$pconfig = $_POST;

	/* input validation */
	if ($_POST['enable']) {
		$reqdfields = explode(" ", "cinterface");
		$reqdfieldsn = explode(",", "接口");

		do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

		/* make sure no interfaces are bridged */
		if (link_interface_to_bridge($pconfig['cinterface'])) 
			$input_errors[] = "The captive portal cannot be used when one or more interfaces are bridged.";

		if ($_POST['httpslogin_enable']) {
		 	if (!$_POST['cert'] || !$_POST['key']) {
				$input_errors[] = "Certificate and key must be specified for HTTPS login.";
			} else {
				if (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))
					$input_errors[] = "This certificate does not appear to be valid.";
				if (!strstr($_POST['key'], "BEGIN RSA PRIVATE KEY") || !strstr($_POST['key'], "END RSA PRIVATE KEY"))
					$input_errors[] = "This key does not appear to be valid.";
			}

			if (!$_POST['httpsname'] || !is_domain($_POST['httpsname'])) {
				$input_errors[] = "The HTTPS server name must be specified for HTTPS login.";
			}
		}
	}

	if(in_array('wan', $_POST['cinterface']))
	{
	    $input_errors[] = "WAN不能作为认证门户接口。";
	}
	
	if(count($_POST['cinterface']) == 0)
	{
	    $input_errors[] = "请选择认证门户接口。";
	}
	
	if ($_POST['timeout'] && (!is_numeric($_POST['timeout']) || ($_POST['timeout'] < 1))) {
		$input_errors[] = "强制超时最小为1分钟。";
	}
	if ($_POST['idletimeout'] && (!is_numeric($_POST['idletimeout']) || ($_POST['idletimeout'] < 1))) {
		$input_errors[] = "空闲超时最小为1分钟。";
	}
	if (($_POST['radiusip'] && !is_ipaddr($_POST['radiusip']))) {
		$input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip']."]";
	}
	if (($_POST['radiusip2'] && !is_ipaddr($_POST['radiusip2']))) {
		$input_errors[] = "A valid IP address must be specified. [".$_POST['radiusip2']."]";
	}
	if (($_POST['radiusport'] && !is_port($_POST['radiusport']))) {
		$input_errors[] = "A valid port number must be specified. [".$_POST['radiusport']."]";
	}
	if (($_POST['radiusport2'] && !is_port($_POST['radiusport2']))) {
		$input_errors[] = "A valid port number must be specified. [".$_POST['radiusport2']."]";
	}
	if (($_POST['radiusacctport'] && !is_port($_POST['radiusacctport']))) {
		$input_errors[] = "A valid port number must be specified. [".$_POST['radiusacctport']."]";
	}
	if ($_POST['maxproc'] && (!is_numeric($_POST['maxproc']) || ($_POST['maxproc'] < 4) || ($_POST['maxproc'] > 100))) {
		$input_errors[] = "The total maximum number of concurrent connections must be between 4 and 100.";
	}
	$mymaxproc = $_POST['maxproc'] ? $_POST['maxproc'] : 16;
	if ($_POST['maxprocperip'] && (!is_numeric($_POST['maxprocperip']) || ($_POST['maxprocperip'] > $mymaxproc))) {
		$input_errors[] = "The maximum number of concurrent connections per client IP address may not be larger than the global maximum.";
	}

	if (!$input_errors) {
		$config['captiveportal']['interface'] = implode(',', $_POST['cinterface']);
		$config['captiveportal']['maxproc'] = $_POST['maxproc'];
		$config['captiveportal']['maxprocperip'] = $_POST['maxprocperip'] ? $_POST['maxprocperip'] : false;
		$config['captiveportal']['timeout'] = $_POST['timeout'];
		$config['captiveportal']['idletimeout'] = $_POST['idletimeout'];
		$config['captiveportal']['enable'] = $_POST['enable'] ? true : false;
		$config['captiveportal']['auth_method'] = $_POST['auth_method'];
		$config['captiveportal']['radacct_enable'] = $_POST['radacct_enable'] ? true : false;
		$config['captiveportal']['reauthenticate'] = $_POST['reauthenticate'] ? true : false;
		$config['captiveportal']['radmac_enable'] = $_POST['radmac_enable'] ? true : false;
		$config['captiveportal']['radmac_secret'] = $_POST['radmac_secret'] ? $_POST['radmac_secret'] : false;
		$config['captiveportal']['reauthenticateacct'] = $_POST['reauthenticateacct'];
		$config['captiveportal']['httpslogin'] = $_POST['httpslogin_enable'] ? true : false;
		$config['captiveportal']['httpsname'] = $_POST['httpsname'];
		$config['captiveportal']['peruserbw'] = $_POST['peruserbw'] ? true : false;
		$config['captiveportal']['bwdefaultdn'] = $_POST['bwdefaultdn'];
		$config['captiveportal']['bwdefaultup'] = $_POST['bwdefaultup'];
		$config['captiveportal']['certificate'] = base64_encode($_POST['cert']);
		$config['captiveportal']['private-key'] = base64_encode($_POST['key']);
		$config['captiveportal']['logoutwin_enable'] = $_POST['logoutwin_enable'] ? true : false;
		$config['captiveportal']['nomacfilter'] = $_POST['nomacfilter'] ? true : false;
		$config['captiveportal']['noconcurrentlogins'] = $_POST['noconcurrentlogins'] ? true : false;
		$config['captiveportal']['redirurl'] = $_POST['redirurl'];
		$config['captiveportal']['radiusip'] = $_POST['radiusip'];
		$config['captiveportal']['radiusip2'] = $_POST['radiusip2'];
		$config['captiveportal']['radiusport'] = $_POST['radiusport'];
		$config['captiveportal']['radiusport2'] = $_POST['radiusport2'];
		$config['captiveportal']['radiusacctport'] = $_POST['radiusacctport'];
		$config['captiveportal']['radiuskey'] = $_POST['radiuskey'];
		$config['captiveportal']['radiuskey2'] = $_POST['radiuskey2'];
		$config['captiveportal']['radiusvendor'] = $_POST['radiusvendor'] ? $_POST['radiusvendor'] : false;
		//$config['captiveportal']['radiussession_timeout'] = $_POST['radiussession_timeout'] ? true : false;

		/* file upload? */
		if (is_uploaded_file($_FILES['htmlfile']['tmp_name']))
			$config['captiveportal']['page']['htmltext'] = base64_encode(gzdeflate(file_get_contents($_FILES['htmlfile']['tmp_name']), 9));
		if (is_uploaded_file($_FILES['errfile']['tmp_name']))
			$config['captiveportal']['page']['errtext'] = base64_encode(gzdeflate(file_get_contents($_FILES['errfile']['tmp_name']), 9));

		write_config();

		$retval = 0;

		config_lock();
		$retval = captiveportal_configure();
		config_unlock();

		$savemsg = get_std_save_message($retval);
	}
}
include("head.inc");
?>
<?php include("fbegin.inc"); ?>
<script language="JavaScript">
<!--
function enable_change(enable_change) {
	var endis, radius_endis;
	endis = !(document.iform.enable.checked || enable_change);
//	radius_endis = !((!endis && document.iform.auth_method[2].checked) || enable_change);


	document.iform.cinterface.disabled = endis;
	//document.iform.maxproc.disabled = endis;
//	document.iform.maxprocperip.disabled = endis;
	document.iform.idletimeout.disabled = endis;
	document.iform.timeout.disabled = endis;
	document.iform.redirurl.disabled = endis;
//	document.iform.radiusip.disabled = radius_endis;
//	document.iform.radiusip2.disabled = radius_endis;
//	document.iform.radiusport.disabled = radius_endis;
//	document.iform.radiusport2.disabled = radius_endis;
//	document.iform.radiuskey.disabled = radius_endis;
//	document.iform.radiuskey2.disabled = radius_endis;
//	document.iform.radacct_enable.disabled = radius_endis;
//	document.iform.peruserbw.disabled = endis;
//	document.iform.bwdefaultdn.disabled = endis;
//	document.iform.bwdefaultup.disabled = endis;
//	document.iform.reauthenticate.disabled = radius_endis;
	document.iform.auth_method[0].disabled = endis;
	document.iform.auth_method[1].disabled = endis;
//	document.iform.auth_method[2].disabled = endis;
//	document.iform.radmac_enable.disabled = radius_endis;
//	document.iform.httpslogin_enable.disabled = endis;
//	document.iform.httpsname.disabled = endis;
//	document.iform.cert.disabled = endis;
//	document.iform.key.disabled = endis;
	document.iform.logoutwin_enable.disabled = endis;
//	document.iform.nomacfilter.disabled = endis;
	document.iform.noconcurrentlogins.disabled = endis;
//	document.iform.radiusvendor.disabled = radius_endis;
	//document.iform.radiussession_timeout.disabled = radius_endis;
	document.iform.htmlfile.disabled = endis;
	document.iform.errfile.disabled = endis;

//	document.iform.radiusacctport.disabled = (radius_endis || !document.iform.radacct_enable.checked) && !enable_change;

//	document.iform.radmac_secret.disabled = (radius_endis || !document.iform.radmac_enable.checked) && !enable_change;

//	var reauthenticate_dis = (radius_endis || !document.iform.reauthenticate.checked) && !enable_change;
//	document.iform.reauthenticateacct[0].disabled = reauthenticate_dis;
//	document.iform.reauthenticateacct[1].disabled = reauthenticate_dis;
//	document.iform.reauthenticateacct[2].disabled = reauthenticate_dis;
}
//-->
</script>
<body link="#0000CC" vlink="#0000CC" alink="#0000CC">
<?php if ($input_errors) print_input_errors($input_errors); ?>
<?php if ($savemsg) print_info_box($savemsg); ?>
<div class="soft_cont_right_table">
<form action="services_captiveportal.php" method="post" enctype="multipart/form-data" name="iform" id="iform">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
  <tr><td class="tabnavtbl">
<?php
	$tab_array = array();
    $tab_array[] = array("认证门户", true, "services_captiveportal.php");
    $tab_array[] = array("免认证MAC", false, "services_captiveportal_mac.php");
    $tab_array[] = array("免认证IP", false, "services_captiveportal_ip.php");
    $tab_array[] = array("文件管理", false, "services_captiveportal_filemanager.php");
//	display_top_tabs($tab_array);
?>    </td></tr>
  <tr>
  <td class="tabcont">
  <table width="100%" border="0" cellpadding="6" cellspacing="0">
	<tr>
	  <td width="22%" valign="top" class="vtable">&nbsp;</td>
	  <td width="78%" class="vtable">
		<input name="enable" type="checkbox" value="yes" <?php if ($pconfig['enable']) echo "checked"; ?> onClick="enable_change(false)">
		<strong>启用认证门户</strong></td>
	</tr>
	<tr>
	  <td width="22%" valign="top" class="vncellreq">接口</td>
	  <td width="78%" class="vtable">
		<select name="cinterface[]" class="formselect" id="cinterface" multiple>
		  <?php 
		  $interfaces = get_configured_interface_with_descr();
		  foreach ($interfaces as $iface => $ifacename): ?>
		  <option value="<?=$iface;?>" <?php if (in_array($iface, $pconfig['cinterface']) || (count($pconfig['cinterface']) == 0 && $iface == 'lan')) echo "selected"; ?>>
		  <?=htmlspecialchars($ifacename);?>
		  </option>
		  <?php endforeach; ?>
		</select> <br>
		<span class="vexpl">选择开启认证门户的接口</span></td>
	</tr>
	<!--
	<tr>
	  <td valign="top" class="vncell">最高连接数</td>
	  <td class="vtable">
		<table cellpadding="0" cellspacing="0">
                 <tr>
           			<td><input name="maxprocperip" type="text" class="formfld unknown" id="maxprocperip" size="5" 
value="<?=htmlspecialchars($pconfig['maxprocperip']);?>"> per client IP address (0 = no limit)</td>
                 </tr>
               </table>
This setting limits the number of concurrent connections to the captive portal HTTP(S) server. This does not set how many users can be logged in
to the captive portal, but rather how many users can load the portal page or authenticate at the same time!
Default is 4 connections per client IP address, with a total maximum of 16 connections.</td>
	</tr>-->
	<tr>
	  <td valign="top" class="vncell">空闲超时</td>
	  <td class="vtable">
		<input name="idletimeout" type="text" class="formfld unknown" id="idletimeout" size="6" value="<?=htmlspecialchars($pconfig['idletimeout']);?>">
分钟<br>
客户端在指定时间内没有访问将自动退出登陆。</td>
	</tr>
	<tr>
	  <td width="22%" valign="top" class="vncell">强制超时</td>
	  <td width="78%" class="vtable">
		<input name="timeout" type="text" class="formfld unknown" id="timeout" size="6" value="<?=htmlspecialchars($pconfig['timeout']);?>">
		分钟<br>
客户端在指定时间内退出登陆，即使没有空闲超时。不填写表示不超时。请至少指定一个空闲超时时间或者强制超时时间。
        </td>
	</tr>
	<tr>
	  <td width="22%" valign="top" class="vncell">退出登陆窗口</td>
	  <td width="78%" class="vtable">
		<input name="logoutwin_enable" type="checkbox" id="logoutwin_enable" value="yes" <?php if($pconfig['logoutwin_enable']) echo "checked"; ?>>
		<strong>启用退出登陆窗口</strong><br>
	  启用该选项时，用户登录后将弹出用于退出登陆的窗口，使用户可以主动退出登陆。<td>
	</tr>
	<tr>
	  <td valign="top" class="vncell">重定向URL</td>
	  <td class="vtable">
		<input name="redirurl" type="text" class="formfld url" id="redirurl" size="60" value="<?=htmlspecialchars($pconfig['redirurl']);?>">
		<br>
如果填写字段，用户在登陆后将会重定向到该地址，而不是他所输入的地址。
</td>
	</tr>  
	<tr>
      <td valign="top" class="vncell">帐户重复登陆</td>
      <td class="vtable">
	<input name="noconcurrentlogins" type="checkbox" id="noconcurrentlogins" value="yes" <?php if ($pconfig['noconcurrentlogins']) echo "checked"; ?>>
	<strong>禁用帐户重复登陆</strong><br>
	如果选中该选项，同一个帐户只能由一个用户登陆，以相同用户名登陆会使之前以该账户登录的用户退出登陆。
	</td>
	</tr><!--
	<tr>
      <td valign="top" class="vncell">MAC filtering </td>
      <td class="vtable">
        <input name="nomacfilter" type="checkbox" class="formfld" id="nomacfilter" value="yes" <?php if ($pconfig['nomacfilter']) echo "checked"; ?>>
        <strong>Disable MAC filtering</strong><br>
    If this option is set, no attempts will be made to ensure that the MAC address of clients stays the same while they're logged in.
    This is required when the MAC address of the client cannot be determined (usually because there are routers between <?php echo $g['product_name'] ?> and the clients).
    If this is enabled, RADIUS MAC authentication cannot be used.</td>
	</tr>
	<tr>
      <td valign="top" class="vncell">Per-user bandwidth restriction</td>
      <td class="vtable">
        <input name="peruserbw" type="checkbox" class="formfld" id="peruserbw" value="yes" <?php if ($pconfig['peruserbw']) echo "checked"; ?>>
        <strong>Enable per-user bandwidth restriction</strong><br><br>
        <table cellpadding="0" cellspacing="0">
        <tr>
        <td>Default download</td>
        <td><input type="text" class="formfld unknown" name="bwdefaultdn" id="bwdefaultdn" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultdn']);?>"> Kbit/s</td>
        </tr>
        <tr>
        <td>Default upload</td>
        <td><input type="text" class="formfld unknown" name="bwdefaultup" id="bwdefaultup" size="10" value="<?=htmlspecialchars($pconfig['bwdefaultup']);?>"> Kbit/s</td>
        </tr></table>
        <br>
        If this option is set, the captive portal will restrict each user who logs in to the specified default bandwidth. RADIUS can override the default settings. Leave empty or set to 0 for no limit. </td>
	</tr>
	-->
	<tr>
	  <td width="22%" valign="top" class="vncell">用户验证</td>
	  <td width="78%" class="vtable">
		<table cellpadding="0" cellspacing="0">
		<tr>
		  <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="none" onClick="enable_change(false)" <?php if($pconfig['auth_method']!="local" && $pconfig['auth_method']!="radius") echo "checked"; ?>>
  无需验证</td>
		  </tr>
		<tr>
		  <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="local" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="local") echo "checked"; ?>>
  本地验证 <a href="system_usermanager.php">用户管理</a></td>
		  </tr><!--
		<tr>
		  <td colspan="2"><input name="auth_method" type="radio" id="auth_method" value="radius" onClick="enable_change(false)" <?php if($pconfig['auth_method']=="radius") echo "checked"; ?>>
  RADIUS Authentication</td>
		  </tr>-->
		  <tr>
		  <td>&nbsp;</td>
		  <td>&nbsp;</td>
		  </tr>
		</table><!--
		<table width="100%" border="0" cellpadding="6" cellspacing="0">
        	<tr>
            	<td colspan="2" valign="top" class="optsect_t2">Primary RADIUS server</td>
			</tr>
			<tr>
				<td class="vncell" valign="top">IP address</td>
				<td class="vtable"><input name="radiusip" type="text" class="formfld unknown" id="radiusip" size="20" value="<?=htmlspecialchars($pconfig['radiusip']);?>"><br>
				Enter the IP address of the RADIUS server which users of the captive portal have to authenticate against.</td>
			</tr>
			<tr>
				<td class="vncell" valign="top">Port</td>
				<td class="vtable"><input name="radiusport" type="text" class="formfld unknown" id="radiusport" size="5" value="<?=htmlspecialchars($pconfig['radiusport']);?>"><br>
				 Leave this field blank to use the default port (1812).</td>
			</tr>
			<tr>
				<td class="vncell" valign="top">Shared secret&nbsp;&nbsp;</td>
				<td class="vtable"><input name="radiuskey" type="text" class="formfld unknown" id="radiuskey" size="16" value="<?=htmlspecialchars($pconfig['radiuskey']);?>"><br>
				Leave this field blank to not use a RADIUS shared secret (not recommended).</td>
			</tr>
			<tr>
			  <td colspan="2" class="list" height="12"></td>
			</tr>
			<tr>
				<td colspan="2" valign="top" class="optsect_t2">Secondary RADIUS server</td>
			</tr>
			<tr>
				<td class="vncell" valign="top">IP address</td>
				<td class="vtable"><input name="radiusip2" type="text" class="formfld unknown" id="radiusip2" size="20" value="<?=htmlspecialchars($pconfig['radiusip2']);?>"><br>
				If you have a second RADIUS server, you can activate it by entering its IP address here.</td>
			</tr>
			<tr>
				<td class="vncell" valign="top">Port</td>
				<td class="vtable"><input name="radiusport2" type="text" class="formfld unknown" id="radiusport2" size="5" value="<?=htmlspecialchars($pconfig['radiusport2']);?>"></td>
			</tr>
			<tr>
				<td class="vncell" valign="top">Shared secret&nbsp;&nbsp;</td>
				<td class="vtable"><input name="radiuskey2" type="text" class="formfld unknown" id="radiuskey2" size="16" 
value="<?=htmlspecialchars($pconfig['radiuskey2']);?>"></td>
			</tr>
			<tr>
			  <td colspan="2" class="list" height="12"></td>
			</tr>
			<tr>
				<td colspan="2" valign="top" class="optsect_t2">Accounting</td>
			</tr>
			<tr>
				<td class="vncell">&nbsp;</td>
				<td class="vtable"><input name="radacct_enable" type="checkbox" id="radacct_enable" value="yes" onClick="enable_change(false)" <?php if($pconfig['radacct_enable']) echo "checked"; ?>>
				<strong>send RADIUS accounting packets</strong><br>
				If this is enabled, RADIUS accounting packets will be sent to the primary RADIUS server.</td>
			</tr>
			<tr>
			  <td class="vncell" valign="top">Accounting port</td>
			  <td class="vtable"><input name="radiusacctport" type="text" class="formfld unknown" id="radiusacctport" size="5" value="<?=htmlspecialchars($pconfig['radiusacctport']);?>"><br>
			  Leave blank to use the default port (1813).</td>
			  </tr>
			<tr>
			  <td colspan="2" class="list" height="12"></td>
			</tr>
			<tr>
				<td colspan="2" valign="top" class="optsect_t2">Reauthentication</td>
			</tr>
			<tr>
				<td class="vncell">&nbsp;</td>
				<td class="vtable"><input name="reauthenticate" type="checkbox" id="reauthenticate" value="yes" onClick="enable_change(false)" <?php if($pconfig['reauthenticate']) echo "checked"; ?>>
			  <strong>Reauthenticate connected users every minute</strong><br>
			  If reauthentication is enabled, Access-Requests will be sent to the RADIUS server for each user that is
			  logged in every minute. If an Access-Reject is received for a user, that user is disconnected from the captive portal immediately.</td>
			</tr>
			<tr>
			  <td class="vncell" valign="top">Accounting updates</td>
			  <td class="vtable">
			  <input name="reauthenticateacct" type="radio" value="" <?php if(!$pconfig['reauthenticateacct']) echo "checked"; ?>> no accounting updates<br>
			  <input name="reauthenticateacct" type="radio" value="stopstart" <?php if($pconfig['reauthenticateacct'] == "stopstart") echo "checked"; ?>> stop/start accounting<br>
			  <input name="reauthenticateacct" type="radio" value="interimupdate" <?php if($pconfig['reauthenticateacct'] == "interimupdate") echo "checked"; ?>> interim update
			  </td>
			</tr>
			<tr>
			  <td colspan="2" class="list" height="12"></td>
			</tr>
			<tr>
				<td colspan="2" valign="top" class="optsect_t2">RADIUS MAC authentication</td>
			</tr>
			<tr>
				<td class="vncell">&nbsp;</td>
				<td class="vtable">
				<input name="radmac_enable" type="checkbox" id="radmac_enable" value="yes" onClick="enable_change(false)" <?php if ($pconfig['radmac_enable']) echo "checked"; ?>><strong>Enable RADIUS MAC authentication</strong><br>
				If this option is enabled, the captive portal will try to authenticate users by sending their MAC address as the username and the password
				entered below to the RADIUS server.</td>
			</tr>
			<tr>
				<td class="vncell">Shared secret</td>
				<td class="vtable"><input name="radmac_secret" type="text" class="formfld unknown" id="radmac_secret" size="16" value="<?=htmlspecialchars($pconfig['radmac_secret']);?>"></td>
			</tr>
			<tr>
			  <td colspan="2" class="list" height="12"></td>
			</tr>
			<tr>
				<td colspan="2" valign="top" class="optsect_t2">RADIUS options</td>
			</tr>

			<tr>
				<td class="vncell" valign="top">Session-Timeout</td>
				<td class="vtable"><input name="radiussession_timeout" type="checkbox" id="radiussession_timeout" value="yes" <?php if ($pconfig['radiussession_timeout']) echo "checked"; ?>><strong>Use RADIUS Session-Timeout attributes</strong><br>
				When this is enabled, clients will be disconnected after the amount of time retrieved from the RADIUS Session-Timeout attribute.</td>
			</tr>
			<tr>
				<td class="vncell" valign="top">Type</td>
				<td class="vtable"><select name="radiusvendor" id="radiusvendor">
				<option>default</option>
				<?php
				$radiusvendors = array("cisco");
				foreach ($radiusvendors as $radiusvendor){
					if ($pconfig['radiusvendor'] == $radiusvendor)
						echo "<option selected value=\"$radiusvendor\">$radiusvendor</option>\n";
					else
						echo "<option value=\"$radiusvendor\">$radiusvendor</option>\n";
				}
				?></select><br>
				If RADIUS type is set to Cisco, in Access-Requests the value of Calling-Station-Id will be set to the client's IP address and
				the Called-Station-Id to the client's MAC address. Default behaviour is Calling-Station-Id = client's MAC address and Called-Station-Id = <?=$g['product_name']?>'s WAN IP address.</td>
			</tr>
		</table>-->
	</tr>
	<!--  
	<tr>
      <td valign="top" class="vncell">HTTPS login</td>
      <td class="vtable">
        <input name="httpslogin_enable" type="checkbox" class="formfld" id="httpslogin_enable" value="yes" <?php if($pconfig['httpslogin_enable']) echo "checked"; ?>>
        <strong>Enable HTTPS login</strong><br>
    If enabled, the username and password will be transmitted over an HTTPS connection to protect against eavesdroppers. A server name, certificate and matching private key must also be specified below.</td>
	  </tr>
	<tr>
      <td valign="top" class="vncell">HTTPS server name </td>
      <td class="vtable">
        <input name="httpsname" type="text" class="formfld unknown" id="httpsname" size="30" value="<?=htmlspecialchars($pconfig['httpsname']);?>"><br>
    	This name will be used in the form action for the HTTPS POST and should match the Common Name (CN) in your certificate (otherwise, the client browser will most likely display a security warning). Make sure captive portal clients can resolve this name in DNS and verify on the client that the IP resolves to the correct interface IP on <?=$g['product_name']?>. </td>
	  </tr>
	<tr>
      <td valign="top" class="vncell">HTTPS certificate</td>
      <td class="vtable">
        <textarea name="cert" cols="65" rows="7" id="cert" class="formpre"><?=htmlspecialchars($pconfig['cert']);?></textarea>
        <br>
    Paste a signed certificate in X.509 PEM format here.</td>
	  </tr>
	<tr>
      <td valign="top" class="vncell">HTTPS private key</td>
      <td class="vtable">
        <textarea name="key" cols="65" rows="7" id="key" class="formpre"><?=htmlspecialchars($pconfig['key']);?></textarea>
        <br>
    Paste an RSA private key in PEM format here.</td>
	  </tr>-->
	<tr>
	  <td width="22%" valign="top" class="vncellreq">认证页面</td>
	  <td width="78%" class="vtable">
		<?=$mandfldhtml;?><input type="file" name="htmlfile" class="formfld file" id="htmlfile"><br>
		<?php
			list($host) = explode(":", $_SERVER['HTTP_HOST']);
			if(isset($config['captiveportal']['httpslogin'])) {
				$href = "https://$host:8001";
			} else {
				$href = "http://$host:8000";
			}
		?>
		<?php if ($config['captiveportal']['page']['htmltext']): ?>
		<a href="<?=$href?>" target="_new">查看当前页面</a>
		  <br>
		  <br>
		<?php endif; ?>
		  上传一个HTML文件作为认证页面（不上传使用表示使用当前页面）。请确认页面中包含下面这个表单。在不需用户验证的情况下auth_user和auth_password可以省略。
		  <br><br>
		  <tt>&lt;form method=&quot;post&quot; action=&quot;$PORTAL_ACTION$&quot;&gt;<br>
		  &nbsp;&nbsp;&nbsp;&lt;input name=&quot;auth_user&quot; type=&quot;text&quot;&gt;<br>
		  &nbsp;&nbsp;&nbsp;&lt;input name=&quot;auth_pass&quot; type=&quot;password&quot;&gt;<br>
		  &nbsp;&nbsp;&nbsp;&lt;input name=&quot;redirurl&quot; type=&quot;hidden&quot; value=&quot;$PORTAL_REDIRURL$&quot;&gt;<br>
&nbsp;&nbsp;&nbsp;&lt;input name=&quot;accept&quot; type=&quot;submit&quot; value=&quot;Continue&quot;&gt;<br>
		  &lt;/form&gt;</tt></td>
	</tr>
	<tr>
	  <td width="22%" valign="top" class="vncell">验证失败页面<br></td>
	  <td class="vtable">
		<input name="errfile" type="file" class="formfld file" id="errfile"><br>
		<?php if ($config['captiveportal']['page']['errtext']): ?>
		<a href="?act=viewerrhtml" target="_blank">查看当前页面</a>
		  <br>
		  <br>
		<?php endif; ?>
上传一个HTML文件作为认证失败页面（不上传使用表示使用当前页面）。请确保页面中含有&quot;$PORTAL_MESSAGE$&quot;，他将被替换为相应的错误信息。
</td>
	</tr>
	<tr>
	  <td width="22%" valign="top">&nbsp;</td>
	  <td width="78%">
		<input name="Submit" type="submit" class="formbtn" value="保存" onClick="enable_change(true)">
	  </td>
	</tr>
	<tr>
	  <td width="22%" valign="top">&nbsp;</td>
	  <td width="78%"><span class="vexpl"><span class="red"><strong>注意：<br>
		</strong></span>修改并保存本页面的任何设置都会导致所有客户端推出登陆状态。请确认打开了相应接口上的DHCP服务器，并且DHCP默认或最长租约大于认证门户的超时时间。另外您需要打开DNS转发服务。
		</td>
	</tr>
  </table>
  </td>
  </tr>
  </table>
</form>
</div>
<script language="JavaScript">
<!--
enable_change(false);
//-->
</script>
<?php include("fend.inc"); ?>
</body>
</html>

